1

In the code below I want to authorize the team and the user.

  1. By authorizing the team, I want to make sure the current_user is the admin of the team.
  2. The second authorize is to make sure that the user being removed is not the admin (user) of the team.

I assume you have basic knowledge of Pundit, a Rails gem. Is there a better way of doing the same? How can this code be improved?

def remove_user
  team = Team.find(params[:id])
  user = User.find(params[:user_id])
  authorize team
  authorize user
  ....
end

Charles Skariah

1 Answer

0

In the policy class you wrote, add a method to implement the logic.

e.g.:

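class PostPolicy
  # ... other methods and declarations ...

  # current_user is the acting user; user is the one being removed
  def initialize(current_user, user)
    @current_user = current_user
    @user = user
  end

  # Allowed only for an admin who is not removing themselves
  def remove_user?
    @current_user.admin? && @current_user != @user
  end
end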
Dias
  • In my case I have multiple teams and I want to authorize whether the current_user is admin of that team. Admin here refers to a specific team, not a general role. I hope you understand – Charles Skariah Mar 15 '17 at 11:11
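
For the team-specific admin case raised in the comment, both checks from the question can live in one Pundit-style policy whose record carries the team and the user being removed. This is an added example, not code from the question or the answer; `Team#admin_id`, the `TeamRemoval` wrapper, `TeamRemovalPolicy` and `authorize_removal` are hypothetical names, and plain Structs stand in for the ActiveRecord models so it runs without Rails or the Pundit gem.

```ruby
# Assumption: each team stores the id of its single admin in admin_id.
Team = Struct.new(:id, :admin_id)
User = Struct.new(:id)

# Hypothetical record handed to the policy: the team plus the user being removed.
TeamRemoval = Struct.new(:team, :member)

# Pundit-style policy: initialize(user, record) and one predicate per action.
class TeamRemovalPolicy
  attr_reader :user, :record

  def initialize(user, record)
    @user = user
    @record = record
  end

  # One decision covers both rules from the question:
  # 1. the acting user must be the admin of this specific team
  # 2. the user being removed must not be that team's admin
  def remove_user?
    # Deny by default when anyone is missing (e.g. a signed-out user).
    return false if user.nil? || record.team.nil? || record.member.nil?

    team_admin?(user) && !team_admin?(record.member)
  end

  private

  # Admin status is checked against this team, not a global role.
  def team_admin?(candidate)
    candidate.id == record.team.admin_id
  end
end

# Minimal stand-in for Pundit's authorize: raise when the predicate is false.
class NotAuthorized < StandardError; end

def authorize_removal(current_user, team, member)
  policy = TeamRemovalPolicy.new(current_user, TeamRemoval.new(team, member))
  raise NotAuthorized, "remove_user? denied" unless policy.remove_user?

  true
end
```

In a controller that includes Pundit, the equivalent call would be `authorize TeamRemoval.new(team, user), :remove_user?`, which replaces the two separate `authorize` calls with a single decision.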